Within your customer’s environment, each end user is linked to a set of “known devices.” These are the specific computers, tablets, phones and other devices that have been pre-approved by the company for the employee to use for work.
The majority of the time, users log into your clients’ accounts and systems using their known devices.
But occasionally, there will be a discrepancy. And those discrepancies — while maybe not an emergency every time — are still important for you to pay attention to.
They may be nothing. But they may be a big problem.
There are legitimate situations where an end user accesses their accounts on an unexpected device.
Maybe the user is borrowing their partner’s laptop. Or, they’re setting up their email app on a new iPhone.
But unapproved device access in conjunction with other suspicious activity can be cause for concern.
For example, maybe an unknown device accesses an account, then immediately starts a bulk file download. A cybercriminal might as well be holding a neon sign that says “I’m stealing all your data!!”
Or, the user logs in from both an unapproved device and an unapproved location. This could signal that a bad actor is actually on the other side of the screen.
When it comes to keeping clients safe, you want to know when an unknown device enters the chat. Because if your clients are being hacked, acting fast will help you:
SaaS Alerts combines continuous monitoring and user behavior analytics to help you protect your clients from bad actors on unapproved devices. Here’s how we help you cover your customers’ SaaS.
Depending on how many customers you have (and how many end users they have), there could be thousands of login events to keep track of each day.
To manually keep up with all of those — AND isolate the suspicious ones — would require superhuman focus. (Or finding a way to squeeze more than 24 hours out of a day.)
Instead, let SaaS Alerts do the monitoring for you. You work on your business. We’ll monitor your logins and let you know if something looks fishy.
No superhuman focus required.
If there is a bad actor on the other side of that login, you want to stop them in their tracks.
But shutting down an account every time someone logs in from an unapproved device would be annoying for everyone involved.
What you can do is use SaaS Alerts to set up customized indicators of compromise that prevent access if an unapproved device login occurs alongside other suspicious behaviors.
For example, you can build a rule within our Respond module that shuts down an account if three suspicious actions occur simultaneously.
For example:
Unknown device logins can be useful data points to track. They help identify user behavior patterns. For example, does an end user frequently use an unapproved device? Did they get a new phone they just haven’t told management about yet?
With SaaS Alerts, you can easily pull reports on unknown device logins, then use those records to proactively troubleshoot and protect your customers’ SaaS.
And the best part about letting SaaS Alerts take all this off your plate? Our software works 24/7/365 — so you can take breaks, enjoy your life and get a little extra sleep.
“Thanks to SaaS Alerts, I worry less about potential risk when I’m sleeping. That’s a really big deal for me. Before SaaS Alerts, when I went to bed, I thought, ‘Hackers don’t sleep. What will happen if I do?” — Kirolos Abdalla, formerly of WOM Technology Management Group.
See how we helped Kirolos catch some ZZZs.